Getting Data In
Highlighted

Is it possible to create a role-based search filter on a specific index?

Contributor

We'd like to grant access to an additional index to a role, but we only want the members to be able to view 2 sourcetypes in that index.

I added a role called: foo_filtered
I added a search filter of: "service=Amazon OR service=Ebay" to that role
I gave that role access to an index named "vendor"

Their existing role foo_mail has access to search the "mail" and "spam" indexes.

So, when I add the foo_filtered role to their group, ALL searches (regardless of index) apply the filter. I only want the filter applied if they're searching the "vendor" index.

Is this even possible?
Thank you

0 Karma
Highlighted

Re: Is it possible to create a role-based search filter on a specific index?

Influencer

This is not possible with the current version of Splunk, unfortunately. You can submit an enhancement request on the Support Portal and they might add it in the future though.

View solution in original post

0 Karma
Highlighted

Re: Is it possible to create a role-based search filter on a specific index?

Communicator

Is this still true?

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.